To clarify, after deploying and maintaining many Windows-only sites all using Active Directory, I started to wonder why I never thought twice about using something else, e.g. Linux. I understand that a full-featured alternative may not exist yet, but I'm at least looking for something that is aspiring to be Active Directory and working towards it.


3

What features of AD are you looking to replace? Group Policy, naming services, authentication, security groups?
– Murali Suriar, May 3 '09 at 0:15

12 Answers
12

Likewise-Open makes integrating Linux clients and member servers into an existing Active Directory fairly simple. We use it on a couple of Ubuntu servers for NAS -- just upgraded to Jaunty and it works great, though we stuck with the likewise-open (4.x) rather than likewise-open5 package, as there are some changes in the newest version which we haven't figured out completely. In particular, Likewise takes some of the overhead and configuration out of the krb5/pam/winbind/samba setup. Supposedly its authentication mechanism is more efficient too, but this isn't something that we've really noticed.

Also, the long-awaited Samba 4 is supposed to be coming in the not-too-distant future, and promises a number of interoperability improvements such as Group Policy support; it might be worth staying tuned.

I have not used eDirectory personally, but one of my colleagues at a previous employer had come from an eDirectory shop and he was of the opinion that it was actually more flexible and feature-rich than AD -- which, I suppose, is a necessary posture for an "underdog" product to be successful.
– Skyhawk, Dec 7 '11 at 18:54

This is something you hear a lot from people that worked with it. I don't think it was originally an underdog at all; it was the dominant directory product (that wasn't an NT domain) at the time. Active Directory displaced it.
– TristanK, Dec 7 '11 at 21:22

OSX Server provides a built-in open source stack to replace Active Directory based on OpenLDAP. It's not the easiest to get up and running but 99% of it can be done through the GUI and if you've got AD experience it's fairly straightforward.

Plus Apple provide support for getting things up, running and configured in case you get stuck :)

No projects have ever gotten any kind of traction on aspiring to be a complete AD replacement. AD is an ecosystem with itself as the core; things like security, Exchange, DNS, GPO are branches of this and these in turn are intertwined with Office, SharePoint, SQL, Outlook, etc. Most projects that are out there are just replacements or replications of individual branches and mostly just so non-Windows systems can tie into Windows networks.

You can make OpenLDAP/Samba/Kerberos work, but it's not the easiest thing to do. There's a lot of configuration you'll have to go through that is significantly greater than the amount of time it would take to stand up two Windows servers and make them DCs and be up and running with an Active Directory domain. And as indicated, getting GPOs and some of the other features (authoritative DHCP servers, Active Directory-integrated DNS, Active Directory Kerberos backed IPSEC policies, Exchange / OCS integration, etc.).

I've had some good experiences with Kaseya. It is very script heavy but it provides a nice editor with lots of options. It runs an agent on the machine, so you can do basically anything that Active Directory could do, from changing passwords to pushing out policy.

There are tons of hosted Exchange sites out on the internet that solve email issues as well.